Logging out of email privacy

“Google has finally admitted that they don’t respect privacy. People should take them at their word; if you care about your email correspondents’ privacy, don’t use Gmail.” said John M. Simpson, director of Consumer Watchdog Privacy Project.

The fallout from the U.S. government’s National Security Agency (NSA) leaks by Edward Snowden has alerted privacy and anti-surveillance activists worldwide. Companies like Google were found to be part of a program that spied on people all around the world. Recently, in an attempt to dismiss a class action suit against it, Google said that people who sent emails to Gmail users have "no reasonable expectation of privacy.” The suit, filed in May, says Google “unlawfully opens up, reads and acquires content of people’s private email messages.” It also quotes Google’s executive chairman Eric Schmidt: “Google policy is to get right up to the creepy line and not cross it.” But according to the allegation in the suit, Google has in fact crossed that creepy line and read people’s personal information. In the past, Google employees acknowledged the fact that their products do not provide privacy.

This has created a level of hysteria among Gmail users who are quite particular about email privacy and online security. But here is the surprising part for us Google users: we have already given Google the license to access and use our private information—we’ve done that the minute we click on “Accept” on Google’s privacy policy.

Gmail and journalism

Almost 450 million people use Gmail worldwide, including journalists, activists, lawyers and bloggers, all of whom require a high level of privacy and online security for their work. Professional journalists are quite particular about protecting their sources. But by using Gmail, journalists are actually making their sources susceptible to surveillance. Even if their sources use secure communication tools, one email to a journalist's Gmail inbox is all it would take to blow that cover.

Some journalists use Google Docs to write their stories; it is just a way of asking Google for a temporary notepad and writing the story on it and then returning to it at a later time from any location. Google goes on to store it on their servers and that too in real-time (it stores the contents in runtime while we edit the document). This way Google knows the story even before the editor of the publication.

Journalists need to become more aware about the different tools they work on. At individual levels, journalists can choose secure email services, encrypt their data and use secure communication tools.

The Google business

The Google empire is worth over $200 billion today. Google makes money out of information. More information means a healthy business, and clearly, the amount of information it can gather from its 450 million Gmail users is valued highly. It can also gather information from users that use other email services like Hotmail or Yahoo, when these individuals send emails to Gmail accounts. One of the most visible signs of Gmail accessing your private information comes from the ads that appear when you are checking your email. Google scans information contained in emails, and provides ads relevant to the information contained in those emails. For instance, a user applying for admission to a college or a university will find ads of other universities and colleges displayed inside his or her Gmail.

To clear doubts about where your emails end up, non-U.S. users must understand that by using email services from companies like Google and Microsoft,  you are making  your emails susceptible to government surveillance programs, particularly the U.S. ones. The servers of these companies are located in the U.S. and that is where all emails sent throughout the world on these services route through. The NSA leaks have clearly legitimised any fears, and it is now abundantly clear that private information is used by companies in cooperation with the American government.

In addition to being an unsecure method of communication, Gmail is quite a favorite target of hackers. Similarly, Microsoft Windows is the most vulnerable operating system (to viruses and hackers) in the world only because it is the most popular operating system in the world. Those of us who think Gmail can’t be hacked by third parties just because it is a product of the largest tech company in the world need to think again. Recently according to Google, Gmail accounts of journalists who cover Myanmar were reported to have been hacked by government authorities, even though the government denied the allegations. Google instructed these journalists to change their passwords and tighten security settings. Gmail accounts of journalists, activists and even officials have been hacked several times in China and mass hacking of Google accounts has taken place in the US and other parts of Asia in the past.

Google’s contradiction

Google has been an advocate of free speech and Internet freedom in the past. It dwells on the idea of an open Internet, perhaps because Google knows that more open Internet means more information which in turn means more money for the tech giant. Over time it has been advocating for open Internet to such an extent that it has started to overlook people’s privacy. At the same time, it is the same company that has been accused of violating privacy of people through its street view cameras projects. After a recent EU high court ruling, Google can now publish links that may contain any individual’s personal material and information.

Another concerning element is that Google does not encrypt this information when it stores it on its servers. Google cannot keep the data in encrypted form where only the user knows about the contents. That is because of the value it holds for the company monetarily.

Google has often said it does scan the contents of emails, but that it is done by computers and not by real people. Even if users were to believe that, there is still the issue of “other parties and affiliates” with whom Google shares that data for “processing,” as it clearly states in its privacy policy.

What Google has already told us

Under “How we use information we collect,” the last sentence says:

Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.

Under “Information we share,” some important points to be noted are:

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply:

For external processing

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

For legal reasons

We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

• meet any applicable law, regulation, legal process or enforceable governmental request.
• enforce applicable Terms of Service, including investigation of potential violations.
• detect, prevent, or otherwise address fraud, security or technical issues.
• protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law. 

Putting the blaming entirely on Google or other such companies would be wrong, however. People make decisions using their own discretion about which email service provider to use. But users rarely read privacy policies that come with signing up for an email account.

Secure email alternatives 

There are several email services that provide secure email communication. Edward Snowden himself used Lavabit which had to shut down its services after pressure by the U.S. government to reveal Snowden's email data. Another email service Silent Circle which provided secure email service under the name Silent Mail also shut its services down despite stating that it had not received any government orders. There are several other secure email services, however, that continue to gain users every day. 

One of the most easy-to-setup and richly featured email services is Hushmail.com, despite it being a paid email service. As long as a user is not involved in any 'illegal activity,' Hushmail will not decrypt and view user data. While creating your account it will ask you to sign this message:

“I understand that Hushmail is not suitable for illegal activity and that the providers of Hushmail will cooperate fully with authorities pursuing evidence via valid legal channels.”

A free software that lets you encrypt your own messages is Enigmail. It is an extension for Mozilla Thunderbird which is an email client just like the popular Microsoft Outlook. Its website provides all the instructions and documentation that users would need to read. Another important secure email service to check out is Riseup.net. It is a free email service that provides high quality encryption and security. The service runs on donations from its users. Even though it is not rich in looks and design, it does the job of keeping your email safe from prying eyes. Use of Riseup services can be enriched by using it with email clients such as Thunderbird or K-9 Mail app for android devices. There is a chat service that provides secure and encrypted communication as well. Known as Cryptocat, it is a free add-on that can be installed in the Firefox browser and is extremely easy to use. Many journalists have already started using these tools in countries like the U.S. and various European countries after the NSA leaks. 

While there is some opinion that Google really didn't mess up the privacy of its users, people whose professions demand anonymity and privacy need to look into secure services. Even the average Internet user who wants to prevent the misuse of his or her personal and financial information by surveillance agencies should support these privacy advocating services by using them.